Methodist University College Ghana
Isaac Lamptey----------------BIT/EP/08/09/1216
Samuel Otu Afotey---------BIT/EP/08/09/1228
Theophilus Nii Armah------BIT/EP/08/09/1191
June 2012
Submitted in partial fulfilment of the requirements for
the degree of BSc in Information Technology
DECLARATION
This is to declare that the research work underlying this dissertation has been carried out by the
under-mentioned students under the supervision of the mentioned supervisor. Both the students
and the supervisor certify that the work documented in this dissertation is the output of the
research conducted by the students as part of their final year project work in partial fulfilment
of the Bachelor of Science in Information Technology.
STUDENTS: SAMUEL OTU AFOTEY, ISAAC LAMPTEY
SUPERVISOR: MR ISAAC BANSAH
I. ABSTRACT
Techniques and issues regarding the development of an appropriate virtual local area network
(VLAN) are detailed, together with the steps in its design and the protocols used to support the
system efficiently. The objective of this design is to outline the effective planning stages and
targets for deploying network devices, and the benefit of their VLAN support, before they are
installed. This also gives businesses and organizations the competitive advantage of the technology.
A careful study has been made of how businesses want to manage space, time and power (energy)
effectively, and of the advantages and limitations of doing so. This is followed by a brief review
of the architecture of a VLAN network, which is made up of a router and switches (layer 3, layer 2
and layer 1). The aim of this project is to develop an efficient and effective VLAN that does away
with the ambiguous costs of network implementation. The project involves three phases: the
development of detailed VLAN diagrams, the development of a method of device and configuration
documentation (physical link and logical link), and the development of device running-configuration
documentation. This is demonstrated with three laptops, each connecting to a separate VLAN, with
resources made available on a desktop computer acting as a server for the laptops to access.
II. ACKNOWLEDGMENT
We would like to thank our supervisor, Mr Isaac Bansah, for his help in the formative stages of
this project and for teaching us an alternative way of thinking, for his early help regarding the
design of the VLAN and for teaching us in an innovative way during our BSc programme (this
applies also to all lecturers who taught us); and the Head of Department, Dr Ofori, for his support
and inspiration. We are also grateful to our Heavenly Father, who has supported us in all ways
throughout our degree programme. We also thank all participating panel members for every effort
and the time provided for us in numerous ways to aid our programme, and our friends and colleagues
for their understanding and support when we most needed it.
TABLE OF CONTENTS
I. Abstract
II. Acknowledgement
List of Figures
List of Tables
CHAPTER ONE
INTRODUCTION
1.1 General Overview
1.2 Plan of Project
1.3 Aims and Objectives
1.4 Client
CHAPTER TWO
LITERATURE REVIEW
2.1 TCP/IP Overview
2.2 TCP/IP Protocol Suites
2.3 SNMP and MIB
2.4 Network Management
2.5.1 Fault
2.7 Unicast Routing
2.8 Multicast Routing
2.8.1 Routing Table Updates
2.8.2 LSP
2.9 Overview of VLANs
2.9.1 Benefits of VLANs
CHAPTER THREE
REQUIREMENTS ANALYSIS AND DESIGN
3.1 Background and Research Context
3.2
3.4 Requirements
3.5 Requirement Analysis and Specification
3.6 VLAN Design
3.7 Design Testing
3.8 Testing Problems
4.3 Results
4.4 Effects of Load on Throughput and Latency
4.5 Bandwidth versus Throughput
BIBLIOGRAPHY
APPENDICES
APPENDIX 1 Questionnaire
APPENDIX 2 Data Dictionary
APPENDIX 3 Table Creation Configuration Script
APPENDIX 4 Interface Configuration Script
APPENDIX 5 Default Route
APPENDIX 6 Port Groupings
APPENDIX 7 Subnet Gateways
IV. LIST OF FIGURES
Figure 4.4.1 Diagram of a well-structured VLAN
Figure 4.4.2 Internet Distribution on a VLAN
Figure 5.1.1 Structured Systems Approach OF A VLAN
Figure 5.2.1 Research Finding-businesses & organization
Figure 5.2.2 Research Findings- organization
Figure 6.1.1 System Architecture
1.0 INTRODUCTION
A VLAN is a virtual LAN. In technical terms, a VLAN is a broadcast domain created by switches;
normally it is a router that creates a broadcast domain, but with VLANs a switch can create the
broadcast domain. A virtual local area network, virtual LAN or VLAN, is a group of hosts with a
common set of requirements that communicate as if they were attached to the same broadcast
domain, regardless of their physical location. A VLAN has the same attributes as a physical local
area network (LAN), but it allows end stations to be grouped together even if they are not located
on the same network switch. LAN membership can be configured through software instead of
physically relocating devices or connections.
To physically replicate the functions of a VLAN, it would be necessary to install a separate,
parallel collection of network cables and equipment kept apart from the primary network. However,
unlike a physically separate network, VLANs must share bandwidth; two separate one-gigabit VLANs
using a single one-gigabit interconnection can suffer both reduced throughput and congestion. It
virtualizes VLAN behaviors (configuring switch ports, tagging frames when entering
accessed over a public telephone network, data network, or the Internet. The generic name for
the collection of tools designed to protect data and to thwart hackers is computer security.
The second major change that affected security is the introduction of distributed systems and
the use of networks and communications facilities for carrying data between terminal user and
computer and between computer and computer. Network security measures are needed to
protect data during their transmission. In fact, the term network security is somewhat
misleading, because virtually all business, government, and academic organizations
interconnect their data processing equipment with a collection of interconnected networks. Such
a collection is often referred to as an internet, and the term internet security is used.
There are no clear boundaries between these two forms of security. For example, one of the
most publicized types of attack on information systems is the computer virus. A virus may be
introduced into a system physically when it arrives on a diskette or optical disk and is
subsequently loaded onto a computer. Viruses may also arrive over an internet. In either case,
once the virus is resident on a computer system, internal computer security tools are needed to
detect and recover from the virus.
This work focuses on internet security, which consists of measures to deter, prevent, detect, and
correct security violations that involve the transmission of information. That is a broad
statement that covers a host of possibilities. To give a feel for the areas covered here,
consider the following examples of security violations:
1. User A transmits a file to user B. The file contains sensitive information (e.g., payroll
records) that is to be protected from disclosure. User C, who is not authorized to read the
file, is able to monitor the transmission and capture a copy of the file during its
transmission.
2. A network manager, D, transmits a message to a computer, E, under its management. The
message instructs computer E to update an authorization file to include the identities of a
number of new users who are to be given access to that computer. User F intercepts the
message, alters its contents to add or delete entries and then forwards the message to E,
which accepts the message as coming from manager D and updates its authorization file
accordingly.
3. Rather than intercepting a message, user F constructs its own message with the desired
entries and transmits that message to E as if it had come from manager D. Computer E
accepts the message as coming from manager D and updates its authorization file
accordingly.
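Violations 2 and 3 above are defeated by message authentication, one of the end-user to end-user mechanisms called for later in this chapter. The following is an added example, not part of the original dissertation: manager D appends an HMAC-SHA256 tag to each message, and computer E rejects anything whose tag does not verify. The shared key, the "ADD-USERS" message format and the sequence-number prefix are assumptions made for the illustration; the sequence number is there because a valid tag alone does not stop F from replaying a message D genuinely sent earlier. Violation 1 (disclosure to C) is not addressed here; that needs encryption, not authentication.

```python
import hmac
import hashlib
from typing import Dict, Optional

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

# Hypothetical key shared in advance by manager D and computer E (constructed for this example).
SHARED_KEY = b"example-key-shared-by-D-and-E"


def sign_message(key: bytes, message: bytes) -> bytes:
    """Manager D's side: append an HMAC-SHA256 tag computed over the message."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify_message(key: bytes, signed: bytes) -> Optional[bytes]:
    """Computer E's first check: return the message if the tag is valid, otherwise None."""
    if len(signed) < TAG_LEN:
        return None
    message, tag = signed[:-TAG_LEN], signed[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest runs in constant time, so an attacker cannot learn the tag byte by byte
    if not hmac.compare_digest(tag, expected):
        return None
    return message


class Receiver:
    """Computer E: accepts only authentic messages whose sequence number is newer than the last seen."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_seq = 0

    def accept(self, signed: bytes) -> Optional[bytes]:
        message = verify_message(self.key, signed)
        if message is None:
            return None  # altered (violation 2) or fabricated (violation 3)
        seq_str, _, body = message.partition(b"|")
        if not seq_str.isdigit():
            return None
        seq = int(seq_str)
        if seq <= self.last_seq:
            return None  # replay of a message D genuinely sent earlier
        self.last_seq = seq
        return body


def demo() -> Dict[str, Optional[bytes]]:
    """Run the cases from the text against one receiver; the sample messages are constructed."""
    e = Receiver(SHARED_KEY)
    genuine = sign_message(SHARED_KEY, b"1|ADD-USERS: alice,bob")
    # Violation 2: F keeps D's tag but edits the entries in the body
    tampered = b"1|ADD-USERS: alice,bob,mallory" + genuine[-TAG_LEN:]
    # Violation 3: F builds its own message; lacking the key, any tag it computes is wrong
    forged = sign_message(b"guess", b"2|ADD-USERS: mallory")
    return {
        "genuine": e.accept(genuine),
        "replayed": e.accept(genuine),
        "tampered": e.accept(tampered),
        "forged": e.accept(forged),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:9s} -> {'accepted: ' + result.decode() if result else 'rejected'}")
```

Only the first, genuine message is accepted; the replay, the edited copy and the fabricated message are all rejected. The key distribution problem (how D and E come to share the key) is outside this example.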
a general discussion of network security services and mechanisms and of the types of
attacks they are designed for. Then we develop a general overall model within which
the security services and mechanisms can be viewed.
In 1994, the Internet Architecture Board (IAB) issued a report entitled "Security in
the Internet Architecture" (RFC 1636). This report stated the general consensus that
the Internet needs more and better security, and it identified key areas for security
mechanisms. Among these were the need to secure the network infrastructure from
unauthorized monitoring and control of network traffic and the need to secure end-user to
end-user traffic using authentication and encryption mechanisms. These concerns
are fully justified. As confirmation, consider the trends reported by the Computer
Emergency Response Team (CERT) Coordination Center (CERT/CC).
Figure 1.1a shows the trend in Internet-related vulnerabilities reported to CERT over
a 10-year period; these include security weaknesses in the operating systems of
attached computers (e.g., Windows, Linux) as well as vulnerabilities in Internet routers and
other network devices. Figure 1.1b shows the number of security-related incidents reported to
CERT; these include denial of service attacks; IP spoofing, in which intruders create packets
with false IP addresses and exploit applications that use authentication based on IP; and
various forms of eavesdropping and packet sniffing, in which attackers read transmitted
information, including logon information and database contents. Over time, the attacks on the
Internet and Internet-attached systems have grown more sophisticated while the amount of skill
and knowledge required to mount an attack has declined (Figure 1.2). Attacks have become more
automated and can cause greater amounts of damage.
Figure 1.1 CERT Statistics
This increase in attacks coincides with an increased use of the Internet and with increases in the
complexity of protocols, applications, and the Internet itself. Critical infrastructures
increasingly rely on the Internet for operations. Individual users rely on the security of the
Internet, email, the Web, and Web-based applications to a greater extent than ever. Thus, a wide
range of technologies and tools are needed to counter the growing threat. At a basic level,
cryptographic algorithms for confidentiality and authentication assume greater importance.
As well, designers need to focus on Internet-based protocols and the vulnerabilities of attached
operating systems and applications. This work surveys these technical areas.
[Figure: OSI model layers. Network layer: packets; path determination and IP (logical addressing).]
To assess effectively the security needs of an organization and to evaluate and choose various
security products and policies, the manager responsible for security needs some systematic way
of defining the requirements of security and characterizing the approaches to satisfying those
requirements. This is difficult enough in a centralized data processing environment; with the
use of local area and wide area networks, the problems are compounded.
Figure 1: Physical view of a VLAN.
VLANs allow a network manager to logically segment a LAN into different broadcast domains
(see Figure 2). Since this is a logical segmentation and not a physical one, workstations do not
have to be physically located together. Users on different floors of the same building, or even in
different buildings, can now belong to the same LAN.
Figure 2: Physical and logical view of a VLAN (two panels: Physical View and Logical View).
VLANs also allow broadcast domains to be defined without using routers. Bridging software is
used instead to define which workstations are to be included in the broadcast domain. Routers
would only have to be used to communicate between two VLANs.
today, primarily by reducing the size of collision domains. Grouping users into
logical networks will also increase performance by limiting broadcast traffic to
users performing similar functions or within individual workgroups. Additionally,
less traffic will need to be routed, and the latency
VLANs provide an easy, flexible, less costly way to modify logical groups in
changing environments. VLANs make large networks more manageable by
allowing centralized configuration of devices located in physically diverse
locations.
VLANs provide independence from the physical topology of the network by allowing
physically diverse workgroups to be logically connected within a single broadcast domain. If
the physical infrastructure is already in place, it now becomes a simple matter to add ports in
new locations to existing VLANs if a department expands or relocates. These assignments can
take place in advance of the move, and it is then a simple matter to move devices with their
existing configurations from one location to another. The old ports can then be
"decommissioned" for future use, or reused by the department for new users on the VLAN.
INCREASED SECURITY OPTIONS
VLANs have the ability to provide additional security not available in a shared media network
environment. By nature, a switched network delivers frames only to the intended recipients, and
broadcast frames only to other members of the VLAN. This allows the network administrator to
segment users requiring access to sensitive information into separate VLANs from the rest of
the general user community regardless of physical location. In addition, monitoring of a port
with a traffic analyzer will only view the traffic associated with that particular port, making
discreet monitoring of network traffic more difficult.
It should be noted that the enhanced security that is mentioned above is not to be considered
an absolute safeguard against security infringements. What this provides is additional
safeguards against "casual" but unwelcome attempts to view network traffic.
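The claims of the introduction (a VLAN is a broadcast domain built by the switch, with frames tagged on entry) and of this section (unicast frames reach only their recipient, broadcasts reach only VLAN members, a sniffer on a port sees only that port's traffic) can be checked on a small model. The following is an added example written for this page, not code from the project: a VLAN-aware switch simulated in Python, with per-VLAN MAC learning, flooding confined to the VLAN, untagged access ports, a tagged trunk, and a decoder for the 802.1Q tag (TPID 0x8100, VLAN ID in the low 12 bits of the TCI). Port numbers, MAC addresses and the ARP-style payloads are constructed for the demonstration; the model deliberately leaves out features the text does not discuss (native VLANs on trunks, spanning tree, MAC table ageing), so it shows what the segmentation gives you, not everything a real switch does.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
TPID_8021Q = 0x8100


@dataclass
class Frame:
    dst: str
    src: str
    payload: bytes            # everything after the (optional) tag, EtherType included
    vid: Optional[int] = None  # VLAN ID from the 802.1Q tag, None if the frame is untagged


def parse_frame(raw: bytes) -> Frame:
    """Decode an Ethernet II frame, stripping the 802.1Q tag if one is present."""
    dst, src = raw[0:6].hex(":"), raw[6:12].hex(":")
    if int.from_bytes(raw[12:14], "big") == TPID_8021Q:
        tci = int.from_bytes(raw[14:16], "big")   # 3 bits PCP, 1 bit DEI, 12 bits VID
        return Frame(dst, src, raw[16:], tci & 0x0FFF)
    return Frame(dst, src, raw[12:], None)


class VlanSwitch:
    """Minimal VLAN-aware switch: learns MACs per VLAN and floods only inside the VLAN."""

    def __init__(self) -> None:
        self.access: Dict[int, int] = {}          # access port -> its VLAN
        self.trunks: Dict[int, Set[int]] = {}     # trunk port -> VLANs allowed on it
        self.mac_table: Dict[Tuple[int, str], int] = {}
        self.egress: Dict[int, List[Frame]] = {}  # what a traffic analyzer on each port would see

    def add_access(self, port: int, vid: int) -> None:
        self.access[port] = vid
        self.egress[port] = []

    def add_trunk(self, port: int, vids: Set[int]) -> None:
        self.trunks[port] = set(vids)
        self.egress[port] = []

    def _ports_in_vlan(self, vid: int) -> List[int]:
        return [p for p, v in self.access.items() if v == vid] + \
               [p for p, vs in self.trunks.items() if vid in vs]

    def _send(self, port: int, frame: Frame, vid: int) -> None:
        # access ports get the frame untagged; trunks carry the tag so the far end keeps the VLAN
        out_vid = vid if port in self.trunks else None
        self.egress[port].append(Frame(frame.dst, frame.src, frame.payload, out_vid))

    def receive(self, port: int, frame: Frame) -> List[int]:
        """Switch a frame arriving on `port`; returns the ports it was forwarded to ([] if dropped)."""
        if port in self.access:
            if frame.vid is not None:
                return []                     # tagged frame on an access port: not accepted
            vid = self.access[port]           # the switch tags the frame with the port's VLAN
        elif port in self.trunks:
            if frame.vid not in self.trunks[port]:
                return []                     # untagged, or a VLAN not allowed on this trunk
            vid = frame.vid
        else:
            return []
        self.mac_table[(vid, frame.src)] = port  # learning is per VLAN, not global
        if frame.dst != BROADCAST and (vid, frame.dst) in self.mac_table:
            targets = [self.mac_table[(vid, frame.dst)]]
        else:
            targets = [p for p in self._ports_in_vlan(vid) if p != port]
        for p in targets:
            self._send(p, frame, vid)
        return targets


def demo() -> dict:
    """Three hosts on access ports, two VLANs, one trunk; all addresses are constructed."""
    sw = VlanSwitch()
    sw.add_access(1, 10)
    sw.add_access(2, 10)
    sw.add_access(3, 20)
    sw.add_trunk(4, {10, 20})
    a, b, c = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    seen = {}
    # Host A (VLAN 10) broadcasts an ARP request: floods to port 2 and the trunk, never to port 3
    seen["arp_bcast"] = sw.receive(1, Frame(BROADCAST, a, b"ARP who-has 10.0.10.2"))
    # Host B answers by unicast; A was learned in VLAN 10, so only port 1 receives it
    seen["arp_reply"] = sw.receive(2, Frame(a, b, b"ARP 10.0.10.2 is-at B"))
    # Host C (VLAN 20) sends to A's MAC: unknown in VLAN 20, so the flood stays inside VLAN 20
    seen["cross_vlan"] = sw.receive(3, Frame(a, c, b"payload"))
    seen["port3_sniffer"] = [f.src for f in sw.egress[3]]   # analyzer on port 3 saw nothing
    seen["trunk_tags"] = [f.vid for f in sw.egress[4]]      # trunk copies carry their VLAN ID
    return seen


if __name__ == "__main__":
    print(demo())
```

The trunk is the one place both VLANs share a link, which is the bandwidth-sharing point made in the introduction, and it is also where the tag is the only thing keeping the two broadcast domains apart; that is why the text's caveat that VLAN separation is not an absolute safeguard is worth taking seriously on any port that carries tagged traffic.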
CHAPTER TWO
LITERATURE REVIEW
A literature review is a body of text that aims to review the critical points of current
knowledge including substantive findings as well as theoretical and methodological
contributions to a particular topic. Literature reviews are secondary sources and, as such, do
not report any new or original experimental work.
Most often associated with academic-oriented literature, such as a thesis, a literature review
usually precedes a research proposal and results section. Its ultimate goal is to bring the
reader up to date with current literature on a topic and forms the basis for another goal, such
as future research that may be needed in the area.
A well-structured literature review is characterized by a logical flow of ideas; current and
relevant references with consistent, appropriate referencing style; proper use of terminology and
an unbiased and comprehensive view of the previous research on the topic.
Network management refers to the activities, methods, procedures, and tools that pertain to
the operation, administration, maintenance, and provisioning of networked systems [1].
Operation deals with keeping the network (and the services that the network provides) up and
running smoothly. It includes monitoring the network to spot problems as soon as possible,
ideally before users are affected.
Administration deals with keeping track of resources in the network and how they are assigned.
It includes all the "housekeeping" that is necessary to keep the network under control.
Maintenance is concerned with performing repairs and upgrades; for example, when
equipment must be replaced, when a router needs a patch for an operating system image, or when
a new switch is added to a network. Maintenance also involves corrective and preventive
measures to make the managed network run "better", such as adjusting device configuration
parameters.
OSI model      | TCP/IP model      | Examples
Application    | Application       | HTTP, FTP, Sockets
Presentation   | Application       |
Session        | Application       |
Transport      | Transport         | TCP, UDP
Network        | Internet          |
Data Link      | Network Interface |
Physical       | Network Interface |
OSI and TCP/IP model. Source: Understanding TCP/IP
The following are descriptions of the layers that form the OSI and TCP/IP models.
Network Interface
Referencing the model above, the network interface layer is the equivalent of the physical and
data link layers in the OSI model. It normally refers to the hardware and software components
that exchange frames between computers, and it forms the link between the host and the network.
Internet Layer
The internet layer, the equivalent of the network layer in the OSI model, employs a group of
protocols for packet delivery, listed and described below:
Internet Protocol (IP): IP ensures that packets are addressed and routed to their correct
destination across networks.
Address Resolution Protocol (ARP): ARP resolves the IP address of a destination computer on the
local network to its hardware (MAC) address, so that frames can be delivered to it.
Internet Control Message Protocol (ICMP): ICMP is used for testing TCP/IP networks and is also
responsible for reporting errors and status messages about packets being delivered.
Transport Layer
The transport layer ensures that communication between the source and the destination
computer exists, and breaks the information handed down from the application layer into
segments for transmission.
Application Layer
Higher-level TCP/IP services such as FTP, HTTP and SMTP run at the application layer.
2.3 SNMP
SNMP is a widely used protocol in networks for data collection and configuring of
network devices. It is a very flexible protocol that is employed for many network
services.
SNMP was designed to help manage centralized TCP/IP networks. Most network
management software employs the use of SNMP which helps transfer data from
remote or client locations to a log on the central server.
SNMP performs its functions using a manager/agent model, where the agent is located on the
managed device and the manager on the managing workstation.
An SNMP managed network consists of three key components: managed devices, agents,
and network-management systems (NMSs).
A managed device is a network node that contains an SNMP agent and that resides on a
managed network.
Managed devices collect and store management information and make this information
available to NMSs using SNMP.
Managed devices, sometimes called network elements, can be routers and access servers,
switches and bridges, hubs, computer hosts, or printers.
An agent is a network management software module that resides in a managed device.
An agent has local knowledge of management information and translates that information
into a form compatible with SNMP.
An NMS executes applications that monitor and control managed devices.
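To make the manager/agent exchange concrete, the following is an added example, not code from the project: it builds an SNMPv1 GetRequest as an NMS would send it to an agent (the BER/ASN.1 message layout from RFC 1157: version, community string, then the PDU with request-id, error fields and variable bindings), and then walks the same bytes the way a sniffer on the management network would, to pull the community string back out. The community string "public" and the request-id are constructed sample values; the OID 1.3.6.1.2.1.1.1.0 is the standard MIB-II sysDescr.0 object. The point for a VLAN design is the second function: SNMPv1 and v2c carry the community string, which is the only access credential, in cleartext, so the VLAN that carries management traffic needs the same care as any VLAN holding sensitive data.

```python
from typing import List


def _length(n: int) -> bytes:
    """BER length field: short form below 128, long form (0x80 | byte count) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _length(len(content)) + content


def encode_integer(value: int) -> bytes:
    """BER INTEGER in minimal two's-complement form (the extra 8 bits leave room for the sign)."""
    size = (value.bit_length() + 8) // 8
    return _tlv(0x02, value.to_bytes(size, "big", signed=True))


def encode_oid(dotted: str) -> bytes:
    """BER OBJECT IDENTIFIER: first two arcs packed into one byte, the rest in base-128."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))  # continuation bit on all but the last byte
            arc >>= 7
        out += bytes(reversed(chunk))
    return _tlv(0x06, bytes(out))


def build_get_request(community: str, oids: List[str], request_id: int) -> bytes:
    """SNMPv1 GetRequest message (RFC 1157): SEQUENCE { version 0, community, GetRequest-PDU }."""
    varbinds = b"".join(_tlv(0x30, encode_oid(o) + b"\x05\x00") for o in oids)  # value is NULL
    pdu = _tlv(0xA0, encode_integer(request_id)   # [0] IMPLICIT GetRequest-PDU
               + encode_integer(0)                # error-status: noError
               + encode_integer(0)                # error-index
               + _tlv(0x30, varbinds))
    return _tlv(0x30, encode_integer(0) + _tlv(0x04, community.encode()) + pdu)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, position after the element) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def community_from_wire(packet: bytes) -> str:
    """What a sniffer sees: the community string is the second element, unencrypted."""
    tag, body, _ = _read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, _version, pos = _read_tlv(body, 0)
    ctag, community, _ = _read_tlv(body, pos)
    if ctag != 0x04:
        raise ValueError("community OCTET STRING expected")
    return community.decode()


if __name__ == "__main__":
    msg = build_get_request("public", ["1.3.6.1.2.1.1.1.0"], 1)  # sysDescr.0
    print(msg.hex())
    print("community on the wire:", community_from_wire(msg))
```

The bytes produced are exactly what a manager would hand to a UDP socket bound for port 161 on the agent; the example stays offline and only shows the message. An agent answering a GetRequest replies with a GetResponse PDU (tag 0xA2) of the same shape, with the NULL values filled in.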
2.4 NETWORK MANAGEMENT
Network management can be described as a list of activities performed on a network to ensure
smooth and efficient running with minimal down time. The amount of down time experienced
by a network determines the reliability of the network. These activities include the OSI
management functions listed below:
Configuration Management
Performance Management
Accounting Management